Slashdot Log In
Fallout From Def Con: Ebook Hacker Arrested by FBI
Posted by
michael
on Tue Jul 17, 2001 08:09 AM
from the welcome-to-the-U.S.,-now-go-to-jail dept.
from the welcome-to-the-U.S.,-now-go-to-jail dept.
Richard and many other people sent in news about Dmitry
Sklyarov, a programmer at Russian software company Elcomsoft, who was arrested after giving a talk at Def Con 9 in Las Vegas titled "eBook Security: Theory and Practice." Elcomsoft publishes a program to remove restrictions from encrypted PDF files, which has severely annoyed Adobe Corporation. Adobe was apparently responsible for the arrest, charging that Elcomsoft is violating the Digital Millennium Copyright Act by publishing the software and giving the presentation at Def Con. (The presentation, by the way, is great - he compares the claimed features of ebook protection schemes with their actual features.) Also at Def Con 9: Hacking for Human Rights.
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
When Adobe acts like this... (Score:4)
Re:Doesn't the DMCA specifically protect this? (Score:5)
It would be rather ironic if a Russian citizen would end up fighting an American law restricting his free speech.
Yes, DMCA = Legitimization of a Corp Police State (Score:3)
Yes this moves us ever closer to a corporate police state. Some companies, Wackenhut [wackenhut.com] for example, are even positioning themselves to have their own police forces (they already run several prisons).
----
Absolutely Incredible (Score:5)
Some of the "security" algorithms this white-hat whistleblower has exposed are incredibly poor. Here are some samples:
If I was a shareholder in any of these companies I would be demanding an investigation. This isn't just shoddy, it's an outright scam! None of these companies should be getting away with this. The customer is being ripped off, yet these shyster companies have the NERVE to use the law against the whistleblowers.
I'm disgusted.
Re:Tell Adobe (Score:3)
The person answering on the main line said I was the third person who called, and he actually put me on hold to find out who in Corporate was actually supposed to get these calls. So keep calling!
"mirror" of elmconsoft, and download (Score:4)
Thanks to google, here's a mirror of the http://www.google.com/search?sourceid=navclient&q
--
Re:How can we help? (Score:3)
Copyright Owner's Permission (Score:4)
Re:Tell Adobe (Score:4)
You can find your congresscritter at Congress.Org [congress.org] and inserting your zip code into the proper fields. When you do this, be sure to include your name, address and zip code in the letter.
Alternatively, you could send the following (NB, I haven't checked for spelling mistakes):
Dear (Senator/Representative) N.
... activity which would otherwise be protected under the First Amendment and the traditions of academic freedom. It is apparent that the DMCA must be changed or perhaps repealed.
I am writing today to express my displeasure concerning the way the FBI has conducted itself in regards to Dmitry Sklyarov and Elcomsoft.
Mr. Sklyarov gave a talk at a computer security conference on the security weaknesses of Adobe's eBook product, which were apparently easily discovered and exploited. Instead of thanking Mr. Sklyarov for his work, Adobe complained to the FBI and Mr. Sklyarov was detained for violating the Digital Millenium Copyright Act.
I believe that copyright holders must have methods to secure their works. But as is obvious thanks to Elcomsoft's work, the protection afforded by Adobe's eBook products is easily overcome. There is no doubt that THOUSANDS of people have been taking advantage of this, silently, and thus ripping off legitimate copyright holders. Elcomsoft has only vocalized what was already occuring.
This is not the first time that the Digital Millenium Copyright Act has been abused like this, and it won't be the last. In its short life we have seen many security consultants and even college and university professors threatened with prosecution under DMCA for exposing weaknesses in computer security
I look foreward to your position on this issue.
Sincerely, (name, address including zip)
Doesn't the DMCA specifically protect this? (Score:5)
Now the publication of a tool to circumvent the security of PDF documents, that's another story. Does anywone know which he was arrested for?
Yours truly,
Mr. X
...stupid stupid FBI...
Re:Copyright Owner's Permission (Score:3)
Agreed. If the "without authorization" refers to the copyright owner (and so far, everyone thinks that it does), then anyone who uses DMCA to prevent people from making compatable readers, also has to be damned careful to somehow keep anyone from making compatable writers as well. And DMCA (nor any other law that I've heard of) has nothing to prevent this from happening, unless the scrambling algorithm uses a patent.
And if they allow others to use their "authorized" writer (as is the case with Adobe and CSS-protected DVD manufacturers), it has to be under a special license that contains verbage to work around this DMCA hole. For example, in Adobe's case, they would have to offer the writing software only under a license (which means, in most people's opinion's, that it could not be sold through middlemen (retail stores, mail order stores, etc) in non-UCITA states, but rather, only available directly from Adobe with a contract signed prior to software being made available) where the purchaser of the software would have to agree to something like this:
I suspect that Adobe's software does not have anything like that in its EULA, and I also suspect that people are able to purchase and use Adobe's software without agreeing to whatever EULA they have, anyway.(I also suspect that even the CSS license doesn't have this covered adequately, but I don't know for sure, since none of the CSS-protected DVDs that I've bought, came with any statement that explains under what circumstances/equipment I am authorized to watch the movie.)
---
Dear Adobe: (Score:5)
Please become an Acrobat and stick your PDF up your own ass using some good Live Motion. Then see how fast you can Type on Call for you Illustrator. Then with it in you ass please go to the local Photoshop and laydown on the Page Maker untill you Indesign. At this point you will need Type Management and have no Postscript to bail yourself out.
Incredible (Score:5)
Instead of being arrested, he should be given a cut of the money the goverment fines adobe and its security partners for. The REAL criminals in cases like this where the money grubbing BS is exposed are often the companies themselves.
And I can count the number of times the DMCA has been used against real criminals on the palm of my hand. Never.
Luckly, slashdot's got a bunch of folks who actually make tech decisions. Let's try and wipe out these security plugins, and make it crystal clear to Adobe that they should be spending more time improving their products rather than going after the guy who blew the whistle on their BS. Call them today, again in a week, again in a month.
USA extending its law beyond its borders (Score:5)
There was a time when the West condemned the Communists governments for heavy-handed treatment of those who committed "economic crimes against the state", holding up the free market model as an example (including its civil courts as a resolution mechanism).
Who needs to wait for a world government -- its already here -- just open a corporation, make the right size contributions to your favourite party and you too will be "given" the right to be heard.
Re:Entrapment? (Score:4)
BTW (Score:3)
it was the FBI and the article says that he was detained, it makes no mention of an actual 'arrest'.. there's a big difference, they can detain you without any real reason, but they can only do it for so long.
jeebus cripes...
...dave
Adobe responsible for the arrest? (Score:4)
last i checked they were a software company, not a government agency.
could we please clarify what government agency actually made the arrest and on what basis?
...dave
Re:pure horseshit (Score:3)
2) What are the Bill of Rights and Consitution for? Toilet paper lately. 4th amendment has been gone for years - "war on Drugs" exception. 10th is ignored, 2nd is under attacik... and just TRY to use the 5th... see how far that gets you...
Re:Mirrored copy (Score:4)
Snail Mail... (Score:3)
http://www.adobe.com/aboutadobe/contact.html
San Jose Corporate Headquarters
Adobe Systems Incorporated
345 Park Avenue
San Jose, California 95110-2704
USA
-grendel drago
I hope (Score:3)
It looks like they knew this would happen (Score:4)
"I should say that it will not work," Katalov explained on comp.text.pdf. "We'll just move our site to another ISP, in another country (where there is no Digitial Millenium Copyright Act (DMCA)). And/or make our software available for free, under the GNU license."
Re:READ THE POSTING (Score:3)
and how valid is the DMCA in russia? it's perfectly legit software, the DMCA is a yank law, not a russian law.
why do americans seem to think that the laws they make also go for other countries?
//rdj
DMCA gives companies right to seize property (Score:3)
Pretty creepy!
Here [directv.com] is the press release about the first such case:
http://www.directv.com/press/pressdel/0,1112,41
Mirrored copy (Score:5)
I have a copy mirrored here [fibrespeed.net] (in Canada).
cf. FibreSpeed [fibrespeed.net]
Re:DMCA = Legitimization of a Corporate Police Sta (Score:5)
For example: knowing how to make a cable TV descrambler was never illegal -- using one to get free cable was.
READ THE ARTICLE (Score:4)
The reason for the arrest has been cited as being the Advanced eBook Processor and his speech at DefCon 9.
----
Re:The time has come to boycott Adobe. (Score:4)
adobe = adoobey
acrobat = acr0wfat
Illustrator = Illustrangler
kinda ironic (Score:4)
...that the news article on 'Hacking for human rights ' mentions that
"Hackers in the United States and other countries where abuses are infrequent should not be complacent" ....
Mind you it's worth checking Amnesty International [amnesty-usa.org] to see their comments on human rights in the USA.
Re:Don't Forget.... (Score:3)
The best way I've found to contact your elected officials is via Microsoft's FIN ("Freedom To Innovate Network"). They'll print out and snail mail the correspondence for you. Since they promise to mail, it would be a fedral offense for them to read this mail, figure it wasn't in MS's best interest, and throw it in
You have to agree to sign up for passport
You can send mail once per day per official.
Make sure to un-check the box that says they can read it -- you don't want MS to know what you're using them for
http://www.freetoinnovate.com/contact/default.a
Re:Tell Adobe (Score:4)
To Whom it may concern,
As a user of your products I have become very offended today. I feel like your company is trying to insult my intellegence. Your company has choosen to enforce the DMCA by arresting Dmitry Sklyarov.
By arresting Dmitry you are sending a message that you will allow your product to continue using substandard security. You should be applauding Dmitry for showing that your software needs improvement. As a user of eBook I am happy that Dmitry has shown that the security can be broken. Do you actually think your customers want you to hide these problems so only the bad guys can get our data?
Would you want to continue using eBook if you know from now own Adobe will use scare tactics to keep security holes hidden? Put yourselves in your users shoes. I am not going to use eBook from here on out. I will be looking for another product until your views on the matters change. Not only do I feel you should change your decision you must also voice out against the DMCA. From here on out I will never use any products that support the DMCA or any other plan to take away citizens rights.
Thanks for listening,
One more upset customer
use gv instead of Acrobat :-) (Score:4)
Side note: gv works just as well as Acrobat to view PDF files from netscape as a helper app (and PS too, of course). Just add "gv %s" in as the application to handle the file types for PostScript and PDF(edit->preferences->helperapps or something like that). Personally I like gv's navigational structure better anyway.
(Well, /path/to/gv if it isn't in your path, naturally.)
Very rarely I will run across a document that gv just doesn't like but that Acrobat displays fine. This happens maybe once a month, if I'm looking at a fair amount of pdf's.
I think the software dependencies for gv are ghostscript and whatever dependencies it has but I'm not sure. apt-get or rpmfind.net [rpmfind.net] or your ports tree are your friends in that regard.
--
News for geeks in Austin: www.geekaustin.org [geekaustin.org]
Re:Adobe responsible for the arrest? (Score:5)
My guess is Adobe contacted the FBI, told them what the guy did, and had their lawyers politely explain to the Feds how that violates the DMCA. Now if I were to contact the FBI and demand they arrest the guy who DDoS'd my DSL line a few months ago (I do know who it is, and have ample evidence) they'd laugh at me.
Government for the corporations, by the corporations, and of the corporations.
c.
Not to mention consumer protection... (Score:5)
What about consumer protection laws - this is misleading conduct on the behalf of the companies involved.
See No Evil, Hear No Evil, Speak no Evil (Score:4)
Civil vs Criminal (Score:4)
Re:More importantly. . . (Score:4)
Re:BTW (Score:5)
Under normal circumstances the authorities cannot detain citizens without arresting them, since doing so is paramount to an arrest. However, this case involves a non-citizen being barred from boarding a plane at an airport, and his detention was merely a temporary condition prior to his arrest.
Re:Entrapment? (Score:5)
The crime here is not cracking the "protection" but sharing the method used to perform the crack. While it is not a crime to describe in detail how to kill someone (if you do it without being inciteful), how to manufacture drugs, how to build a bomb, how to cheat on your wife, how to molest children, it is a crime to discuss methods of cracking anti-consumer "protections" on copyright restricted materials on digital media. This Russian guy broke that blatantly illegal law on US soil (using information he obtained at home in Russia where he may not have been violating any laws). Ergo, he gets arrested.
To quote Bulldog, "This sucks. This is total BS."
Spelling mistakes removed (Score:4)
I am writing today to express my displeasure concerning the way Adobe has conducted itself in regards to Dmitry Sklyarov and Elcomsoft. It would seem that, rather than thanking Mr. Sklyarov for exposing serious flaws in your products, and then correcting them, you have chosen to pursue a course of litigation and intimidation via the misuse of law enforcement.
I believe that copyright holders must have methods to secure their works. But as is obvious thanks to Elcomsoft's work, the protection afforded by Adobe's eBook products is easily overcome. There is no doubt that THOUSANDS of people have been taking advantage of this, silently, and thus ripping off legitimate copyright holders. Elcomsoft has only vocalized what was already occurring.
As an Adobe customer, here is what I want: The pursuit of better products, and not more litigation. We have enough of that already. I fear one day that my children may be imprisoned for pointing out flaws in corporate products, or for engaging in legitimate research of code and computer products. Perhaps, if you have children, they will be too. So I urge Adobe to "back off" as it were and refocus the money that would have been spent on lawyers into developing a more secure and better eBook system.
Thank-you for your time, and I look forward to your reply!
DMCA = Legitimization of a Corporate Police State? (Score:4)
If I were part of a company screwing over someone else's copyright or exploiting their crappy code, my company would be subject to a law suit. I can't imagine we'd all be hauled off in the paddy wagon. But an individual doing this can be jailed?
I'm not being sarcastic [this once]. I seriously don't get this.
[For my money, you should be subject to arrest for giving your conference such an overly-dramatic title. Hacking for human rights, my arse.] [ridiculopathy.com]
But the greater evil here is clear to see. In the graphics world Adobe = Microsoft, a single company holding the reigns on all of the industry's mission-critical tools. Time to get a better text tool for GIMP and get it to the people.
Tell Adobe (Score:5)
Don't just lament how wrong this is. TELL Adobe what you think of them and their actions. But PLEASE, be polite. Messages like "j00 suX0r Adobe!" get thrown in the PLOINK-bin faster than you can blink, and without a second thought. But a well-written message detailing why you are not happy with them, and what they can do about it, would be most helpful. Here are some PR contacts at adobe:
jcristof@adobe.com
dstyerwa@adobe.com
lvacante@adobe.com
ablatchf@adobe.com
skrueger@adobe.com
gbabbit@adobe.com
wsaso@adobe.com
Don't forget to give them a ring on the tele:
(408) 536-6000
And lastly, we have the executive's email addys (I think. I have not verified these addresses, so they may not work. The ones above will for sure though.)
jwarnock@adobe.com
cgeschke@adobe.com
bchizen@adobe.com
snarayen@adobe.com
mdemo@adobe.com
gfreeman@adobe.com
cpouliot@adobe.com
jstephens@adobe.com
ttownsley@adobe.com
mdyrdahl@adobe.com
blamkin@adobe.com
Go out there and tell them! Corporations are run by people, just like us. Sometimes those people do very stupid things and need correction; that is what I plan to do, and everyone who reads this message should do the same.
-- russ
Re:Tell Adobe (Score:5)
==
Dear Sir/Madam:
I am writing today to express my displeasure concerning the way Adobe has conducted itself in regards to Dmitry Sklyarov and Elcomsoft. It would seem that, rather than thanking Mr. Sklyarov for exposing serious flaws in your products, and then correcting them, you have chosen to persue a course of litigation and intimidation via the misuse of law enforcement.
I believe that copyright holders must have methods to secure their works. But as is obvious thanks to Elcomsoft's work, the protection afforded by Adobe's eBook products is easily overcome. There is no doubt that THOUSANDS of people have been taking advantage of this, silently, and thus ripping off legitimate copyright holders. Elcomsoft has only vocalized what was already occuring.
As an Adobe customer, here is what I want: The persuit of better products, and not more litigation. We have enough of that already. I fear one day that my children may be imprisioned for pointing out flaws in corporate products, or for engaging in legitimate research of code and computer products. Perhaps, if you have children, they will be too. So I urge Adobe to "back off" as it were and refocus the money that would have been spent on lawyers into developing a more secure and better eBook system.
Thank-you for your time, and I look forward to yout reply!
-- [INSERT NAME]
==
Happy now? You lazy people
-- russ
Hit them where it hurts--stock price (Score:5)
While I don't advocate and don't intend to cause harm to anyone's person or Adobe's physical plant, I would shed no tears if Adobe's HQ burned to the ground, preferably with the decision-maker responsible for this inside.
Re:Absolutely Incredible (Score:4)
The DMCA is a legal crutch for lazy companies that can't be bothered to design truly secure solutions. Or perhaps more honestly, for companies that know that consumers would balk at the inconvenience of using truly secure DVDs, etc., but still want to pretend that they're protecting something.
Parallel case? (Score:4)
Move that case into this post-DMCA case we live in today, and you would likely see the publisher of the magazine thrown in jail for creating an anti-circumvention device, and the PR people saying that this is a great victory for everyone because those evil hacker people were thrown in jail. Of course they'd also neglect to say that this information would probably become much more wide-spread than it otherwise would have been, and that a lot of innocent people would be adversely affected because the manufacturer would have little motivation to fix a glaring security flaw.
The result? The flaws are not fixed and there is the possibility of even more damage. People still know the flaws, but the problem is not fixed.
D - M - C - A
As Stallman said (Score:4)
As Richard Stallman said before:
He was talking about DMCA and the new Free Software laws in other countries.
So, if there's nothing like DMCA in your country, fight for your rights, don't let them cut back your rights!
Don't worry, I'm too busy [to|every]day
If tables were reversed? (Score:5)
I don't think that would go over well. Can anyone explain a difference to me? Or would the U.S. accept this arrest without problem?
Re:Doesn't the DMCA specifically protect this? (Score:4)
Mod parent up! (Score:5)